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TH« ZHVEKTIOH relat« to a method of and software for 
monitoring digital lnfon«tion, having particular application to 
S eecuring digital Information against unauthorised access and/or 
use. Monitoring digital information in the contact of the 
present Invention is to >=e taJcen to include addressing security 
aspects as well as providing behavioural and/or »ar>cet analysis 

10 T ''^^'^ °' =^ ^"^ informatl^ 

10 The invention has particular application to use in respect of a 

it wxu be appreciated that the invention is not limited to this 
field of use. 

" dat ' i-'o—tlon. generally in the fom, of program or 

data flies stored on digital data storage device such as. for 
example a hard dls.t drive. CD-ROH or such like, c«x represent 
a significant Investment in time and money to develop. For the 
purposes of the present specification, unless the context 

ao naxcates otherwise, the terms -digital Information., -data 

exilutahT""'"' ^ - ""th 

executable program files and the llxe and non-executable data 

files and the li,ce. The term, -serial number, is to be taken to 

consist Of potentially both numeric and non-numeric characters. 

I^tivir i» taken to include such 

activities commonly Jmown as -hacking, and the llfce. 

accessing digital information has been In^roved with the 
development of computer networks, particularly the Internet, with 
30 "'^ .^Plications such as web browsers and the 

like. However, there 1. , a . temptation for users to pilfer 

/ 



information or abuse the ready availability. Moreover, la some 
circumstances, privacy and/or security issues would make it 
undesirable to make digital information freely available, or at 
lease, available in an uncontrolled manner. 

in the case of the Internet and the World wide Web in 
5 particular, although some websites have restricted entry, once 
a user has accessed the information, that information is 
vulnerable to being taken and used in a way that could at best 
be undesirable, and at worst, illegal. Even In the case of 
webpages being generated from database or encrypted sources, once 
10 the information has been assembled and downloaded, it is 
vulnerable to abuse. Moreover, a strategy consisting solely of 
authenticating users leaves such unencrypted information 
vulnerable to unauthorised access by hackers or the like. 

File transmission protocols may include an ability to 
15 restrict the functionality of the client computer receiving 
digital information in order to provide some form of protection 
*or example, in the case of web browsers, it is possible to embed 
extensions, applets or the like to prevent a client computer 
from, for example, printing a file, saving it to disk, or partly 
20 disabling a mouse or a keyboard. However, these measures can 
often be circunr,rented if the user of the client computer is 
sufficiently experienced. 

The Internet has also become a common route by which 
software is purchased. Even when software is purchased through 

25 normal retail channels, once it has ben purchased, the software 
xs often required to be registered with the software producer or 
retailer as part of the installation process in order to decrease 
the likelihood of unauthorised copying of the software. However, 
such protection systems may sometimes be circumvented, or may be 

30 difficult to Implement. 
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Present methods of monitoring digital information do not 
provide substantial ability to perform behavioural or market 
analysis in respect of usage of that digital information. 
Neglected aspects include, for example, tracking piracy 
attempts, geographic distribution and usage, network location, 
5 sex, age and occupation, contact details and methods, tracking 
production, sale, distribution chain and user registration steps, 
user feedback, post-registration usage, PC-platform age, PC- 
hardware usage and marketing profile. 

The present invention aims to provide method of and software 
10 for monitoring digital information which alleviates one or more 
of one of the aforementioned disadvantages. The invention also 
aims to provide digital information protected by the method 
and/or software of the invention, other aims and advantages of 
the invention may become apparent from the following description. 

DISCLOSlipi E OF THF. TNVENTTniy 

With the foregoing in view, this invention in a first aspect 
resides broadly in a method of monitoring digital information 
including : 

creating a secure wrapper around the digital information 
20 using a method selected from: 

a first wrapper method including directly embedding a 
first executable protection software portion in the 
digital information; or 

a second wrapper method including linking a Second 
25 executable protection software portion to the digital- 

information by way of an application program interface 
(API) ; or 
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a third wrapper method including modifying the digital 
information and embedding a third executable 
protection software portion in the modified digital 
information; 

each of the first, second and third executable protection 
5 software portion including a specific performance portion 
operable by a user to perform one or more specific performance 
tasks, the or at least one of the specific performance tasks 
including a hardware environment check; 

selecting one of the first second or third wrapper methods 
10 according to the software and development platform of the digital 
information, the accessibility of the source code of the digital 
information, and/or the level of monitoring required, 

executing selected wrapper method by way of the first 
second or third executable protection software portions including 
15 the steps of: 

intercepting access to the digital information; 

checking that at least one of the specific performance tasks 
has been performed, including the hardware environment check has 
been performed; and 
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validating whether or not the hardware environment 
corresponds to the hardware environment which has been previously 
Checked . 

once the monitoring has been or is being performed in 
accordance with the invention, access to the digital information 
25 may be provided in a manner transparent to the user that the 
digital information has been or is being monitored. 

in a second aspect, the present Invention resides broadly 
in a method of monitoring digital Information including: 
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creating a secure wrapper aroxmd the digital information by 
embedding an executable protection software portion in the 
digital information, the executable protection software including 
a specific performance portion operable by a user to perform one 
or more specific performance tasks, the or at least one of the 
specific performance tasks including a hardware environment 
check; 

the secure wrapper being operable to: 

intercept access to the digital information; 

check that at least one of the specific 
performance tasks, including the hardware environment 
check has been performed; and 

validate whether or not the hardware environment 
corresponds to the hardware environment which has been 
previously checked. 

in a third aspect, the present invention resides broadly in 
a method of monitoring digital information including: 

creating a secure wrapper around the digital information by 
including linking an executable protection software portion to 
the digital information by way of an application program 
20 interface (API) , said executable protection software portion 
including a specific performance portion operable by a user to 
perform one or more specific performance tasks, the or at least 
one Of the specific performance tasks including a hardware 
environment check; 

25 the secure wrapper being operable to: 

intercept access to the digital information; 



15 



-6- 



check that at least one of the specific 
performance tasks, including the hardware environment 
check has been performed; and 

validate whether or not the hardware environment 
corresponds to the hardware environment which has been 
5 previously checked. 

In a fourth- aspect the present invention resides broadly in 
a method of monitoring digital information including: 

creating a secure wrapper around the digital information by 
modifying the digital information and embedding an executable 
10 protection software portion in the modified digital information; 

the executable protection software including a specific 
performance portion operable by a user to perform one or more 
specific performance tasks, the or at least one of the specific 
performance tasks including a hardware environment check; 

15 the secure wrapper being operable to; 

intercept access to the digital information; 

check that at least one of the specific 
performance tasks has been performed, including the 
hardware environment check has been performed; and 

^° validate whether or not the hardware environment 

corresponds to the hardware environment which has been 
previously checked. 

once the monitoring has been or is being performed in 
accordance with the invention, access to the digital information 
25 may be provided in a manner transparent to the user that the 
digital information has been or is being monitored. 



Preferably, the specific performance includes an exchange 
of codes between a client coniputer and a server computer 
operatively connected to tbe server computer. Preferably, the 
exchange of codes includes: 

the uploading of a code corresponding to the hardware 
5 environment of the client computer,- 

the uploading of a code corresponding to the digital 
information, such as, for example, a unique serial number or the 
like issued for that particular example of digital information; 
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10 the downloading of a code corresponding to a key for entry 

into the client computer for accessing the digital information 
on an ongoing basis or for a selected time period. 

in the case of the digital information being in the form of 
non-executable data, such as, for example, a webpage, database, 
15 text file, spreadsheet, or the like, it is preferred that the 
third wrapper method be selected. 

In a fifth aspect, the present invention resides broadly in 
a method of monitoring digital information in the form of a non- 
executable, browser-readable code and/or content including: 

20 creating a mapping table capable of translating and 

preserving text, all object paths, extensions and such ' like 
within a single container or file structure to form a mapped 
file; *^ 

converting the mapped file into an executable file structure 
25 to form a conversion file,- 

encrypting the conversion file to form an encrypted file 
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eTHbedding protection software as herein described to enable 
dynamic decryption of selected content of the encrypted file when 
correctly registered. 

For example, where the non-executable file is in the form 
of a file in hypertext markup language (HTML) , possibly including 
5 applets, MIME for non-text content, or other non-text inclusions, 
the data file is converted into an executable file which provides 
the exchange of codes described herein. m such form, it is 
further preferred that the exchange of codes includes the 
downloading of an encryption key, and the executable file 
10 includes information encrypted according to the key. The method 
in this case includes the encoding of the digital information 
using the key generated for the particular client computer, such 
that the same digital information may be provided in a different 
form, being encoded with a different encryption key, for each 
15 Client computer connected to the server. 

m a sixth aspect, the present invention resides broadly in 
a system architecture for providing monitoring of digital 
information, including: 

primary web server means for serving a computer network; 

20 a plurality of client con5)uters operatively connected to the 

primary web server means by way of the network; 

one or more registration server means operatively connected 
to the primary web server and operatively connectible to the 
client computers by way of the network; 

25 registration support means operatively associated with the 

primary web and registration server means for supporting the 
functionality of the primary web and registration server means; 



•9- 



wherein the primary web server means is operable to provide 
validation of a call from any client computer, tracking the 
client computer and if required redirecting the call; 

and Wherein the registration server means is operable to 
provide registration of each client computer when operatively 
S connected thereto by way of the network; 

the operative association of the registration support means 
including alternative means of communicating information between 
the client computers and the registration server means for client 
computers which are not connected thereto and the registration 
10 support means being operable to provide or, functional in 
providing for registration of any client computer by way of the 
alternative means of communicating. 

optionally, if the primary web server is, or becomes, 
inoperable, the method may include validating a call from any 
IS client computer and tracking the client computer. The 
alternative means of communicating could include, for example, 
provision for web form, email, telephone, fax or postal 
transmission of relevant information instead of direct online 
communication . 

20 Preferably, the architecture further includes data analysis 

means operatively connected to the registration server means for 
analysing the registration, usage or other billing, behavioural, 
demographic and/or market analysis of information received from 
the client computers in the registration and usage of digital 

25 information. 

In a seventh aspect, the present invention resides broadly 
in a method of protecting software, the method insofar as the 
installation and registration of the software including the steps 
of: 
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-lo- 
ins tailing the software on a contputer; 

after installing the software, running the software for a 
first time; 

upon the running of the software on the computer, generating 
an installation code from the hardware profile of the computer; 

after generating the installation code, requesting a unique 
serial number from an authorisation source, the request including 
providing the hardware profile of the computer; 

after requesting the serial number, registering the software 
with a registration authority using the serial number and 
10 installation code; 

receiving a positive or negative reply from the registration 
authority; 

upon the receipt of a negative reply from the registration 
authority, returning to the step of requesting a serial number 
IS and following the steps thereafter; 

upon the receipt of a positive reply from the registration 
authority, receiving a registration key from the registration 
authority and saving the registration key on the computer, 
whereupon the software may be executed insofar as its functional 
20 performance is concerned; 

the method insofar as the post-registration running of the 
software including the further steps of: 

running the software on the computer; 

upon the running of the software on the computer, generating 
25 an installation code from the hardware profile of the computer; 
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after the hardware profile has been generated, con5)arlng the 
registration key with the hardware profile; 

upon the matching of the hardware profile with the 
registration key, permitting the software to executed insofar as 
its functional performance is concerned; 

S upon the failure of the hardware profile to match the 

registration key, denying permission for the software to executed 
insofar as its functional performance is concerned. 

Preferably, the computer is a client computer operably 
connectible to a server computer, and the serial number and 
10 registration key are uploaded and downloaded {as the case may be) 
between the client and server computers when operably connected 
to one emother. 

In an eighth aspect, the present invention resides broadly 
in a method of monitoring digital information including: 

15 adding a protection software portion: 

modifying the protection software portion so as to mask its 
identifying characteristics and behaviour. For example, 
operative portions of program code may be embedded into other 
code which is. apparently, functional, but never called by the 
20 actual program in its operation. 

In a ninth aspect, the present invention resides broadly in 
a method of monitoring digital information having a protection 
software portion as hereinbefore described, including; 

adding a specific performance portion for checking for the 
25 presence of code-breaking methods; 

checking for the presence of code-breaking methods to 
provide a check result; and 



-12- 



modifying the behaviour of the protection software portion 
m accordance with the check result, 

BWEF DESCRTPTroN nv jr^ t, drawtohs 

in order that the invention may be more readily understood 
and put into practical effect, reference will now be made to the 
5 accompanying drawings which illustrate a preferred embodiment 
of the invention and wherein:- 

Pig. 1 is a flowchart illustrating a method of 
monitoring digital information according to the 
invention; 

^° 2 is a flowchart illustrating a method of 

converting browser readable digital information 
according to the invention; and 

Fig- 3 is a diagrammatic representation of an 
architecture for monitoring digital information 
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The method 10 illustrated has in two stages, an installation 
and registration stage li and a post registration stage 20. in 

20 the first stage, a user installs software at step i2 and runs the 
software at step 13 using the normal commands of the computer 
upon Which the method of the present invention is to be 
performed. At step 14, the running of the software generates an 
installation code from the hardware profile of the computer ihe 

25 software then requests a serial number and other details, such 
as name, address, contact details and the like at step 15. The 
registration process is then instituted in accordance with the 
procedures hereinbefore described at step I6, usually by way of 
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an internet connection to a web server computer. if the 
registration is successful at step 17, a registration key is 
saved at step 18, otherwise, if specific security parameters have 
been exceeded at step 20, the software exits at step 21 or 
returns the user to step 15. Upon the saving of the registration 
5 key in step 18, the application program installed by the 
foregoing steps is executed at step 19. 

m the second stage at 22, for each subsequent running of 
the program at step 19 described, a sequence of prerequisite 
steps are performed in accordance with the invention, these being 
0 described hereinafter. The software is run at step 23, whereupon 
an installation code is generated from the" hardware profile of 
the computer at step 24 in a similar fashion to that of step 14 
above. The saved registration key at step 18 is compared to that 
required of a computer having the matching installation code at 
step 25. At step 26, a negative match rejects further execution 
of the program at step 27, but a positive permits the program to 
continue at step 28 in a similar fashion to that of step 19 
described above. 

The method 30 for protection of webpages described in Pig 
2, includes the following steps. The raw HTML and associated 
browser-readable code and/or content is received at step 31. a 
mapping table is applied to the code at step 32. The mapped data 
is converted into an executable file at step 33, which is then 
encrypted at step 34 . The software protection described herein 
is embedded into the encrypted file at step 35 to produce 
protected software at step 36. 

The system architecture 50 illustrated in Fig. 3 includes 
a primary web server 51 operatively connected to a primary 
registration server S3, a secondary registration server 54 and 
a tertiary registration server 55. A client computer 52 (of 
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which there vould normally be a plurality, one only being sho^ 
for clarity) is operatively connected to the web server and the 
registration servers. Communication may be routed automatically 
through a primary web server 51 or manually via a web form 56 
The architecture provides for removal of the primary web server 
5 ,in Which case, the client computer 52 os operatively connected 
to the registration server 53, 54 or 55. Registration support 
shown at 60 is operatively associated with the registration 
server, normally by telephone at 61 but the architecture also 
provides alternative communication methods, including email 65 
10 postal service 62 and fax transmission 63 . The fax communication 
may be routed through a fax server 64 or received in hardcopy by 
. registration support. The architecture also provides for 
monitoring other than- security such as data gathering at 70 
Which includes billing and behavioural, demographic and market 
15. analysis functions at 71 for production of reports and/or 
invoices at 72, 

in order that the invention may be more readily understood 
and put into practical effect, reference will now be made to an 
example of the invention in use. The first time an application 
20 program is started on a client computer, the protection software 
will generate an installation code which is based on a number of 
parameters unique to- the computer platform on which the 
application is installed. 

A unique serial number, entered by the client, and the 
25 installation code are supplied to the registrar a 
mathematicaliy-related unlock or registration key, which can only 
be generated by the registrar with the specific key-generation 
program for that application, is returned to the client The 
registrar may be an Internet-connected server of a software tool 
30 administered by a support person, if the Internet registration 
server option is chosen, entry of the registration key is 
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automatic and transparent to the user once the user has entered 
the required information. 

Until the registration key has been successfully entered, 
each time the application is started, it will request the key. 
once the key has been entered, it will be compared with the 
5 parameters described above, if the software is copied to another 
computer, it will again follow the registration process as the 
new system parameters, typically unique to each computer, will 
not match. 

In relation to HTML and related content, the method of the 
10 present invention addresses a special challenge for the 
protection as the- content itself is not an executable program in 
its own right and can in the absence of the protection afforded 
by the method .of the present invention be read, modified and 
displayed by numerous editors and browsers. The method of the 
15 present invention converts html code, including java script, XML 
and any other type of browser-readable code and/or content to an 
encrypted, protected, executable file structure while preserving 
all normal browser functionality and compatibility. Content can 
be protected on cd-rom or any other media, including remotely 
20 referenced content on a web server, in the case of a web server 
converted and encrypted files are held on the web server The 
files are viewed via the protected local client software which 
decrypts the files prior to viewing. 

Utilising web-based content enables authors to update 
25 content on the server without any modification to client code 
while still maintaining protection. 

Por example, the user starts the program for the first time 
and is requested to enter their contact details, unique serial 
number supplied with the purchased software and optional 
30 marketing and demographic information. The protection software 
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Of the present invention generates a unique installation code 
based on selected parameters unique to the computer' platform on 
which the application is installed. if internet connection is 
present, the above information is uploaded to the registration 
server. if an Internet connection is not present, the user is 
5 guided through the options of registration by post, fax or 
telephone to the manual registrar (at 60 in Pig. 3) , The client 
receives the required Registration Key or if the registration 
criteria are not valid a rejection is issued and the software 
will not function. 

10 in the case of automated registration by way of the Internet 

or the like, including client direct or via a web form, the 
primary web server validates the client information, adds IP 
address tracking information and forwards the request to the 
first available registration server, if the primary web server 

15 option is not used, the first available registration server 
validates the client information, adds IP address tracking 
information and processes the request. The registration and 
tracking information is captured in the database and compared 
with the registration history. if the specific registration 

20 criteria are met, a valid registration key is sent to the client 

If not, the request is rejected. All registration details in the 

database are automatically . synchronised with each registration 
server . 

in the case of manual registration, the registration details 
25 are received by a nominated representative via telephone, fax or 
post. Registration information i« captured with software 
specifically designed for the registrar. The registrar software 
is itself protected by the software protection method of the 
present invention and can be dynamically controlled in terms of 
30 its ability to be registered itself and to register software 
users-r 
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The registrar software captures registration information 
in the database and compares it with the registration history via 
a secure Internet link to the registration server. if the 
specific registration criteria are met, a valid registration key 
is returned to the client via their nominated method of receiving 
5 the registration details (email, telephone, fax, post, etc) . if 
the specific registration criteria are not met, the request is 
rejected and a corresponding message is returned to the client 
via their nominated method of receiving the registration details. 
If successful, the user manually enters, the supplied registration 
10 details into the protection software screen provided. 

in performing the method of the invention, several options 
may be selected for software registration. As a first example, 
only a specific number of registrations per serial number may be 
permitted by the software vendor. As a second example, 
15 registrations within an allowable range of serial numbers may be 
pre-allocated by the software vendor. As a third example, 

registration for a trial or demonstration r,*.v.<«rt . 

be time limited. As a fourth example, the number of times that 
registrations may be limited. As a fifth example, the PC- 
20 platform parameters used to uniquely identify the installation 
can be varied to suit the strength or uniqueness required by the 
software vendor. As a sixth example, the number of registrations 
allowable on the same PC platform may be limited as identified 
in the fifth example. As a seventh example, concurrent licensing 
2S may be provided for. A specific number of licences can be shared 
across any Internet -connected PCs. The software may be 
installed on any PC but will not run without first validating 
with the registration server that a licence is available for use. 
AS an eighth option, licence transferral may be provided by 
30 permitting a serial number to be released for re-use by the user 
after validation of licence cancellation on that platform. 



-18- 



In performing the methbd of the Invention, several options 
may be selected for behavioural and market analysis. As a first 
example, providing behavioural and/or market analysis in respect 
of the nature and number of piracy attempts by comparing all 
successful and unsuccessful registration attempts for specific 
5 PC platforms, clients, networks and software distributions. As 
a second example, providing real-time behavioural and/or market 
analysis in respect of the geographic and network distribution 
and usage of software. As a third example," providing real-time 
behavioural and/or market analysis in- respect of the sex, age and 
10 occupation of clients. As a fourth example, providing targeted 
marketing to specific clients and client groups utilising contact 
details, preferred contact methods and other monitoring 
information. As a fifth example, providing real-time behavioural 
and/or market analysis in respect of sales, distribution chain 
15 and user registration steps including timing and volumes. As a 
sixth example, providing real-time behavioural and/or market 
analysis in respect of post-registration usage including 
frequency, duration and functionality. As a seventh example, 
providing real-time behavioural and/or market analysis in respect 
20 of the PC- platform type and age used. As an eighth example, 
providing real-time behavioural and/or market analysis in respect 
of product specific user feedback. 



-19- 

Al though the invention has been described with reference to 
specific examples, it will be appreciated by persons skilled in 
the art that the invention may be embodied in other forms without 
departing from the broad scope and ambit of the invention as 
herein set forth. 

Dated this 7«* day of January, 2003 

Skcurbwrap P^y Tf^n 



By their Patent Attorneys 
AHEARW Fny 
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